Delivery in day(s): 3
ITC 596 IT Risk Management Assignment Solution
This is the assessment 3 of ITC 596 IT Risk Management
ENISA or European Union Agency for Network and Information Security is a type of organization which helps the European Union and its citizens to keep their data safe from any kind of security threats. ENISA also helps a number of public and private organizations in keeping their data safe. This report focuses on the different types of security threats which are faced by ENISA while keeping their data safe. These threats vary depending on the damage done by them. Most of these threats are carried by people or group of people who are called as threat agents. This report also explains the ENISA threat landscape process and the methods which can be used to make improvements in it. The report can help ENSIA to find the loopholes which are present in their IT security.
Overview: European Union Agency for Network and Information Security (ENISA) is an organization which works for the European Union. This agency provides different types of methodologies and technologies to the people of the European Union and its states to so that they can keep their data safe and secure. ENISA includes a number of people who are specialists in providing security related to networks and information or data. With the help of the advice and services provided by ENISA, European Union, different member states related to it and the citizens of Europe. Big data can be referred to a large amount of data which can undergo a process of analysis. This large amount of data can be structured or not. Sometimes the data can be semi structured in nature.
The ENISA threat landscape report for 2014 states the various developments which were made in the year of 2014. These developments can be improved by different types of cyber security threats. These threats are related to a number of applications and technologies.
Big data can be specified on the basis of some important points which are given below:
Variety of data
Volume of data
Speed or velocity of processing of data
Variability of data
There a number of security threats faced by ENISA related to the security of the big data. These threats can compromise the confidentiality of a European citizen or the data stored in any of the private sector company. It can also be harmful to the whole European Union as it can develop a number of problems in front of them. One of these threats includes manipulation of the traffic which is available on a network. Hackers can try to send fake traffic on any kind of network so that the network won’t work properly. In such threats, users of the network have no idea if the traffic on their network is fake or not. Another one of the security threats related to big data is the interception of private communication which is happening between two people or groups on a network. Hackers can steal data from such kind of communication if the security features available on the network are not good. Sending a number of spam messages to the citizens of European Union also comes under security threats (Sas, u.d.). These types of security threats related to the security of data can cause a lot of problems to people or organizations which come under the European Union. Some of these problems can be described below:
1. Leaking of personal data or information over the internet.
2. Losing confidential information stored on cloud.
3. Destroying data or information related to an organization
Some of these threats related to the security of big data may arise unintentionally because of lack of knowledge related to cyber security. Such kinds of threats arise because of error made by a person by mistake. This error can cause loss of confidential data and information. Other threats related to security of big data may arise because of unavailability of good security features in an organization. Because of absence of security measures related to the security of data, information can be stolen by hackers who can use it to their own advantage (Rouse, 2016).
The diagram for the security infrastructure of big data of ENISA can be given below:
There are a number of threats related to the security of big data. Big data contains a large amount of data along which is collected with the help of different types of algorithms and technologies. The data collected with these technologies and algorithms undergoes a process of advanced analysis so that useful information from the data can be collected. There are different types of threats related to the security of the big data. These threats vary according to the type of damage done by them on the data of people or organizations. According to that, these threats can be of different types. There are a number of organizations from public and private sector in the European Union who uses different types of technologies and methodologies which are based on the concept of big data. These technologies which work on big data can help an organization in making better decisions for the betterment of their company. It can also be used to improve the efficiency and management of an organization. The applications and systems which use big data are utilized in a number of industries and because of this reason, more threats related to big data are arising. Because of the use of big data in various organizations, it is becoming a target of hackers and other people who try to steal information. There are a number of threats which are related to the security of big data and the application or systems which use big data. Some of these security threats are given below:
Table 1 Strategies to combat insider threats
Strategies to combat
Disclosure of confidential information
Denial of service
Introduction of malicious code or software in an organization’s network
Tempering with data of organization
These are some of those security threats which may arise when something wrong is done intentionally. There are some other threats which may arise because of a human error. It can include installing a malicious software or application by mistake on the system of an organization which may lead to a breach in the whole network. Accessing data or information of an organization from a source which does not have security features and which is not reliable can also be considered as a type of security threat. These are some of the threats related to the security of big data.
Out of these security threats, the threat which can be considered as most significant is the identity theft. This is because of the reason that identity of worker can be stolen and it can be used to leak the data of an organization or its people on the internet. This can lead an organization to face failures in the market and it can also cost a lot of people to lose their jobs. Because of this reason, identity theft can be considered as the most significant threat.
A threat agent can be defined as a person or group of people who can try to compromise the security of a system or network which is utilizing big data. Threat agents can also include a method or thing which can be used for breaching the security of a system or network used in an organization. Threat agents include different groups of hackers as well as people who are working in an organization. These people are called insiders and they can include systems analysts or administrators or developers. They can try to compromise or break the security of a network which can lead the organization to face different types of problems. Threat agents can also include a company who wants to compete with its rivals and does something wrong. Besides these, different countries who try to steal confidential data of another country can also be considered as a type of threat agent.
Table 2 Threat agents and what could be done to minimize their impact
Actions to minimize the impact
It includes a group of people who have their personal vendetta and can steal confidential data. These people are inspired by different types of social and political reasons.
Using better security features such as firewall and encrypted data in the organization
It consists of organizations or companies who want to compete with their rivals in the market and become hostile in doing so. These organizations use different types of method and technologies to steal data of their rival companies so that they can get ahead in business.
Providing proper training to the employees of the organization related to cyber security and the various threats related to it.
It contains people or group of people whose motivation can vary from a religious reason to a political reason.
Restricting any kind of unauthorized access to the system or network of the organization which utilizes big data
When there is a rivalry between two nations then they try to steal confidential data related to each other. Some of the nations can even develop a cyber weapon to affect the services of different parts of another country.
Preparing a proper response plan in case of data or security breach
There are a number of key threat agents who can try to steal data from an organization or an individual. According to ENISA, these threat agents can cause damage to a person or company or even a nation by compromising the big data used in that organization (Wilson, 2016).
Social hacking issues: There are a number of issues which are related to the security of data stored on different types of social networking sites. One of the social hacking issues is phishing. Hackers can try to steal confidential data of people by compromising the security of a third party software or application. This can lead the person to open that application or a link related to it. When the person opens the link that the security of his system is compromised and hackers can easily steal their data. These links are often sent to the user s via different social media platforms such as Facebook and Twitter.
Another one of these issues is that the hackers can send spam messages to the users and ask them to share their personal details. In such cases, hackers call these people on the basis of their information received from various social networking sites. These are some of the social hacking issues which can be encountered by the people who use social media and have any kind of personal data saved on these sites.
These are some of the ways which can be used to control and minimize the impact of different types of attacks done by these threat agents.
Trends in threats probability: On the basis of probability, there are a number of threats which are in trend. One of the most common threats is identity theft. Another one of the threats which are in trend is hacking a network or account and asking money as ransom to provide access to that account again. Besides it, introducing fake traffic on a network and sending spam messages are also the types of threats which are in trend. Sending spam messages can also be considered as the trend in present time. Spam messages are increasing because more people have access to internet and number of people using smartphones is also increasing. It is allowing the hackers to steal data of the people who are new to internet and other applications. It decreased in 2014 because more people were becoming aware of these messages and learning about cyber security.
ETL stands for ENISA threat landscape. There are a number of methods and techniques which can be taken in consideration for making improvements in the ETL. These methods and techniques can allow ENISA to improve its counter measures and security features related to the safety of data of European citizens, organizations and the government.
Table 3 Future threats for ENISA to combat (2016 and beyond)
Reason for being the most challenging threat for ENISA in 2016
Leakage of information
This could lead leakage of confidential data of the European organizations and government.
Information of European citizens can be used to commit different types of criminal activities.
Physical damage to systems and servers
It could lead an organization to lose their data saved in the system if is not created.
The systems and computers used by common people and organizations can be hacked and disabled until ransom money is paid by the users.
There were a number of threats which were faced by ENISA related to the security of data. Some of these threats are given below:
1. Botnets and denial of service
2. Insider threats
4. Data Breach
ETL can be helpful for pointing the different types of threats which were faced by ENISA and add counter measures and extra security features so that these threats can be overcome. Some of these methodologies and techniques which can be used for improving the ETL process are described below:
1. Introduction of applications with improved security can be helpful for the organizations as these applications cannot be hacked easily.
2. Use of highly encrypted data which is nearly impossible to decrypt can also be helpful in improving ETL process.
3. Deployment of IT professionals in the organization who have good knowledge of different types of security features and counter measures for the security of data.
4. Use of improved firewall can also be helpful in keeping data secure and improve ETL process.
5. Restricting any kind of unauthorized access to the network of the organization can be helpful in keeping the confidential data safe.
6. Providing basic training related to the cyber security and security of data of the organization.
These are some of the methods and techniques which can be helpful for improving the ETL process.
I think that ENISA should not be satisfied with its IT security. This is because of the reason that every day, new technologies are coming in trend. With the introduction of each of these technologies, new security threats are also arising. If ENISA will be satisfied with the security measures which are used in the organization for the safety of data then it may be possible that with the passage of time a new threat may arise. This threat can be so advanced that even the security measures will not be able to stop the hackers attack.
Sometimes the viruses or malware are so advanced that they keep on making changes in themselves so that the countermeasures used for the protection of data and IT security are not enough. If the attacker is an insider working with ENISA or any other organization then chances are that the insider will be able to access data of that organization and steal that data for wrong purposes. Any kind of IT security or countermeasures will not be able to stop that kind of security threat. This can be a problem for ENISA because in such cases there are not many options available for an organization for the safety of their data. These kinds of attacks can only be controlled by making strict rules for employees and taking legal actions against them. These are some of the reason to show that ENISA should not be satisfied with their IT security and the security measure should be improved from time to time so that any kind of threat related to the security of big data can be handled. By using new resources and technologies related to the security of data can be helpful in improving IT security in ENISA.
This report was started with the purpose of explaining a number of threats which are faced by ENISA while keeping data and information safe from different kind of hacker’s attacks. The report successfully explains the different types of threats which are faced by ENISA while improving their IT security. The report can be helpful for the learners as it can allow them to learn about different security threats and the agents who are responsible for carrying out the security attacks. Learners can also learn about some of these security threats which had more damaging effect on ENISA as compared to other threats. The report also explains the different trends which are related to the security threats and the reason of these threats being in the trend.
Datawarehouse4u, (u.d.). ETL process. Retrieved from http://datawarehouse4u.info/ETL-process.html
Rouse, M. (2016). Big data. Retrieved from http://searchcloudcomputing.techtarget.com/definition/big-data-Big-Data
Sas, (u.d.). Big Data-What it is and why it matters. Retrieved from https://www.sas.com/en_au/insights/big-data/what-is-big-data.html
Wilson, D. (2016). Three Ways to Reduce the Impact of a Breach. Retrieved from https://securityintelligence.com/three-ways-to-reduce-the-impact-of-a-breach/